MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Problem sa virusom

Napisano na dan: 15.9.2013

Strana:
1
2

Problem sa virusom

Sledeća strana

Pagination

Odgovori

Strana:
1
2

cvetko_a Poslao: 15 Sep 2013 10:50 Idi na vrh
offline cvetko_a Građanin Pridružio: 20 Feb 2005 Poruke: 297 Gde živiš: Vranje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 15 Sep 2013 10:40 Koristim Eset smart security antivirus koji nemože da obriše virus,nisam uspeo da pročitam koji je virus u pitanju nešto kao Win 32 trojan drooper tako nekako i još neki ,kaže da će biti obrisan prilikom ponovnog pokretanja računara ali opet ništa,nemoguće je pokrenuti system restore point jer su se ti fajlovi izgubili ??Neznam koko da ih povratim a i juče sam napravio novi restore point. Problem se desio prilikom prebacivanje failova sa usb memorijske kartice,i sada na usb kartici mogu da koristim svega 4-5 programa a ostalo je u vidu shorcut-a...Ujedno da napomenem da sam zalazio po raznim sajtovima radi skidanja programa,craka.Juče sam probao i sa Malwarebyte i ništa ujedno mi odgovorite šta da radim sa usb mmc.Koristim ADSL konekciju. Da napomenem da nikako nemogu da zaustavim ili obrišem iz starta ovo: "C:\ProgramData\Realtek0\omylcqksw.exe Ovo mi je najviše sumnjivo;Realtek0 omylcqksw Evo i loga: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2 Run by Hranca at 10:15:14 on 2013-09-15 Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3071.1697 [GMT 2:00] . AV: ESET Smart Security 6.0 Enabled/Updated {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET Smart Security 6.0 Enabled/Updated {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET lični zaštitni zid Enabled {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Mobogenie\DaemonProcess.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\WerFault.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.EXE C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Mobogenie\mgusb.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uProxyOverride = <local> mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [Google Update] "C:\Users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Realtek Audio Manager] \Windows\Explorer.exe mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:221 uPolicies-Explorer: NoSMBalloonTip = dword:1 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: RunStartupScriptSync = dword:1 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{47DA6221-F032-4FA7-AC51-0010E42B3AB1} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{509A287C-B7E3-4FCC-911E-BC94F16EEE30} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{75C9A330-DD36-4C72-96D5-F079E91CD177} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{BD5EC01A-EB3E-4874-948B-EFC7239B9638} : DHCPNameServer = 192.168.42.129 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL IFEO: rstrui.exe - ndtcr_.exe x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned> x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-IFEO: rstrui.exe - ndtcr_.exe . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-11-28 57904] R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-10-8 211344] R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-10-8 59440] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-9 235520] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-26 1329304] R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136] R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [2013-1-20 12824] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-14 418376] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432] R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-19 4308320] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768] R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-6-30 411136] R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2013-1-20 44624] R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\Windows\System32\drivers\dtscsibus.sys [2013-3-6 29696] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-14 25928] R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2012-12-30 34032] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-14 701512] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384] S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2013-1-20 580648] S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768] S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfSdkS64.exe [2013-1-20 544768] S3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-3-6 580672] S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-10-21 14448] S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2013-1-12 15360] S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-2-15 19032] S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-2-15 12384] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-3 19456] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944] S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-3 57856] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-21 1255736] S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896] S4 WO_LiveService;Ashampoo LiveTuner Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [2013-1-20 884608] . =============== File Associations =============== . FileExt: .reg: Applications\AcroRd32.exe="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe" "%1" [UserChoice] [default=Read - 'Open' doesn't exist] . =============== Created Last 30 ================ . 2013-09-14 18:27:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-09-14 18:27:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-14 13:24:58 922112 ----a-w- C:\Users\Hranca\AppData\Roaming\Updater.exe 2013-09-14 13:15:31 -------- d-sh--w- C:\ProgramData\Realtek0 2013-09-14 13:15:24 -------- d-sh--w- C:\Users\Hranca\AppData\Roaming\msgr 2013-08-16 21:05:05 53152 ----a-w- C:\Windows\System32\USBCoInstaller.dll 2013-08-16 21:03:09 -------- d-----w- C:\Users\Hranca\AppData\Local\cache 2013-08-16 21:03:08 -------- d-----w- C:\Users\Hranca\AppData\Local\Mobogenie 2013-08-16 21:02:59 -------- d-----w- C:\Program Files (x86)\Mobogenie . ==================== Find3M ==================== . 2013-09-14 19:09:16 281768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2013-09-14 19:09:16 281768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2013-09-14 18:00:44 281768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2013-08-17 06:22:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-17 06:22:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-08-06 06:45:25 73216 ----a-w- C:\Windows\ST6UNST.EXE 2013-08-06 06:45:25 249856 ------w- C:\Windows\Setup1.exe 2013-06-22 16:20:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-22 16:20:48 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-22 16:20:48 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 10:15:33,69 =============== https://www.mycity.rs/must-login.png Dopuna: 15 Sep 2013 10:50 Sad sam ulovio poruku od Eseta C:\ProgramData\Realtek0\omylcqksw.exe Njega izbacuje kao injector AMTG trojanac taj fail nepostoji u računaru nemogu ga nigde naći ima ga samo u startu HKCU:Run Google Update Google Inc. "C:\Users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe" /c Evo starta: HKCU:Run Realtek Audio Manager "C:\ProgramData\Realtek0\omylcqksw.exe" HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" HKLM:Run egui ESET "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice HKLM:Run mobilegeni daemon Beijing AmazGame Age Internet Technology Co., Ltd. C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Profil

TwinHeadedEagle Poslao: 15 Sep 2013 10:53 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, cvetko_a Ne koristi u toku slucaja USB, njega cemo ocistiti nakon sto sredimo sistem. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku; Nemoj kliktati u okviru ComboFix prozora dok radi jer to može usporiti rad alata; Nemoj ponovo pokretati ComboFix na svoju ruku - javi se u temi bilo kakav problem da imaš tokom prvog pokretanja alata; Ako nakon restarta dobijaš grešku prilikom startovanja pojedinih programa da su označeni za brisanje (Illegal operation attempted on a registry key that has been marked for deletion), onda ponovo restartuj sistem i to ce rešiti problem.

Profil

cvetko_a Poslao: 15 Sep 2013 15:42 Idi na vrh
offline cvetko_a Građanin Pridružio: 20 Feb 2005 Poruke: 297 Gde živiš: Vranje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 13-09-14.01 - Hranca 15.09.2013 15:15:34.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3071.1807 [GMT 2:00] Running from: c:\users\Hranca\Desktop\ComboFix.exe AV: ESET Smart Security 6.0 Disabled/Updated {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET lični zaštitni zid Disabled {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 6.0 Disabled/Updated {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\dxoludite.exe c:\users\Hranca\AppData\Roaming\inst.exe c:\users\Hranca\AppData\Roaming\Updater.exe c:\users\Hranca\AppData\Roaming\vso_ts_preview.xml c:\windows\box.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\ST6UNST.000 c:\windows\SysWow64\frapsvid.dll . . ((((((((((((((((((((((((( Files Created from 2013-08-15 to 2013-09-15 ))))))))))))))))))))))))))))))) . . 2013-09-15 12:45 . 2013-09-15 12:45 -------- d-----w- c:\program files (x86)\AppFiles 2013-09-15 12:45 . 2013-09-15 12:50 -------- d-----w- c:\program files (x86)\MyPC Backup 2013-09-14 18:27 . 2013-09-14 18:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-09-14 18:27 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-14 13:15 . 2013-09-14 16:40 -------- d-sh--w- c:\programdata\Realtek0 2013-09-14 13:15 . 2013-09-14 13:15 -------- d-sh--w- c:\users\Hranca\AppData\Roaming\msgr 2013-08-16 21:05 . 2013-08-16 21:05 53152 ----a-w- c:\windows\system32\USBCoInstaller.dll 2013-08-16 21:03 . 2013-09-12 21:24 -------- d-----w- c:\users\Hranca\AppData\Local\cache 2013-08-16 21:03 . 2013-09-07 16:09 -------- d-----w- c:\users\Hranca\AppData\Local\Mobogenie 2013-08-16 21:02 . 2013-09-12 21:24 -------- d-----w- c:\program files (x86)\Mobogenie . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-14 19:09 . 2013-02-03 11:32 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-09-14 19:09 . 2012-04-30 15:53 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-09-14 18:00 . 2013-02-03 11:32 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-08-17 06:22 . 2012-04-02 15:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-17 06:22 . 2012-04-02 15:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-06 06:45 . 2013-01-18 11:04 249856 ------w- c:\windows\Setup1.exe 2013-08-06 06:45 . 2013-01-18 11:04 73216 ----a-w- c:\windows\ST6UNST.EXE 2013-06-22 16:20 . 2013-06-22 16:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-22 16:20 . 2012-06-16 11:19 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-22 16:20 . 2012-06-16 11:19 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-02 39408] "Realtek Audio Manager"="c:\programdata\Realtek0\omylcqksw.exe" [2013-09-14 196608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2013-09-10 646336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\rstrui.exe] "Debugger"=r_.exe . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x] R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe [x] R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 Synth3dVsc;Synth3dVsc; [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub; [x] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files (x86)\Windows Live\Messenger\usnsvc.exe;c:\program files (x86)\Windows Live\Messenger\usnsvc.exe [x] R3 VGPU;VGPU; [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R4 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [x] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x] S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x] S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2013-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job - c:\users\Hranca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 09:31] . 2013-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job - c:\users\Hranca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 09:31] . 2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 15:16] . 2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 15:16] . 2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job - c:\users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 13:31] . 2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job - c:\users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 13:31] . 2013-09-14 c:\windows\Tasks\ParetoLogic Registration.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2013-09-15 c:\windows\Tasks\ReclaimerUpdateFiles_Hranca.job - c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38] . 2013-09-14 c:\windows\Tasks\ReclaimerUpdateXML_Hranca.job - c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38] . 2013-09-15 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Hranca.job - c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 6325936] . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe] "Debugger"=r_.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: raiffeisenbank.rs\rol TCP: DhcpNameServer = 192.168.1.1 DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3660575161-1947987749-166325203-1000_Classes\CLSID\{E9B5582A-EACD-AB45-A77F-46BEFB2A4005}] @Denied: (A 4) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\omylcqksw.exe] @Denied: (A B 2 3) (Everyone) "DisableExceptionChainValidation"="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0] "Key"="http://schemas.microsoft.com/office/smartdocuments/2003" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias] "0"="Microsoft Actions Pane 3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe c:\program files (x86)\TeamViewer\Version8\tv_w32.exe c:\windows\SysWOW64\WerFault.exe c:\program files (x86)\Mobogenie\mgusb.exe . ************************************************************************** . Completion time: 2013-09-15 15:37:27 - machine was rebooted ComboFix-quarantined-files.txt 2013-09-15 13:37 . Pre-Run: 30.158.815.232 bytes free Post-Run: 30.011.850.752 bytes free . - - End Of File - - 153E4DEF0EFE6DE340D106B6CAE8CD39 A36C5E4F47E84449FF07ED3517B43A31

Profil

TwinHeadedEagle Poslao: 15 Sep 2013 20:59 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Folder:: c:\programdata\Realtek0 c:\users\Hranca\AppData\Roaming\msgr c:\program files (x86)\MyPC Backup Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Realtek Audio Manager"=- ClearJavaCache::` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

cvetko_a Poslao: 15 Sep 2013 22:47 Idi na vrh
offline cvetko_a Građanin Pridružio: 20 Feb 2005 Poruke: 297 Gde živiš: Vranje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 13-09-14.01 - Hranca 15.09.2013 22:27:25.3.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3071.1828 [GMT 2:00] Running from: c:\users\Hranca\Desktop\ComboFix.exe Command switches used :: c:\users\Hranca\Desktop\CFScript.txt.txt AV: ESET Smart Security 6.0 Disabled/Updated {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET lični zaštitni zid Disabled {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 6.0 Disabled/Updated {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\MyPC Backup c:\program files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe c:\programdata\Realtek0\nnkzcpsaq.exe c:\programdata\Realtek0\omylcqksw.exe c:\users\Hranca\AppData\Roaming\msgr . . ((((((((((((((((((((((((( Files Created from 2013-08-15 to 2013-09-15 ))))))))))))))))))))))))))))))) . . 2013-09-15 20:34 . 2013-09-15 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-15 12:45 . 2013-09-15 12:45 -------- d-----w- c:\program files (x86)\AppFiles 2013-09-14 18:27 . 2013-09-14 18:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-09-14 18:27 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-14 13:15 . 2013-09-15 20:32 -------- d-----w- c:\programdata\Realtek0 2013-08-16 21:05 . 2013-08-16 21:05 53152 ----a-w- c:\windows\system32\USBCoInstaller.dll 2013-08-16 21:03 . 2013-09-12 21:24 -------- d-----w- c:\users\Hranca\AppData\Local\cache 2013-08-16 21:03 . 2013-09-07 16:09 -------- d-----w- c:\users\Hranca\AppData\Local\Mobogenie 2013-08-16 21:02 . 2013-09-12 21:24 -------- d-----w- c:\program files (x86)\Mobogenie . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-15 16:28 . 2013-02-03 11:32 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-09-15 16:28 . 2012-04-30 15:53 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-09-15 15:37 . 2013-02-03 11:32 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-08-17 06:22 . 2012-04-02 15:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-17 06:22 . 2012-04-02 15:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-06 06:45 . 2013-01-18 11:04 249856 ------w- c:\windows\Setup1.exe 2013-08-06 06:45 . 2013-01-18 11:04 73216 ----a-w- c:\windows\ST6UNST.EXE 2013-06-22 16:20 . 2013-06-22 16:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-22 16:20 . 2012-06-16 11:19 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-22 16:20 . 2012-06-16 11:19 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-02 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2013-09-10 646336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x] R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe [x] R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 Synth3dVsc;Synth3dVsc; [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub; [x] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files (x86)\Windows Live\Messenger\usnsvc.exe;c:\program files (x86)\Windows Live\Messenger\usnsvc.exe [x] R3 VGPU;VGPU; [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R4 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [x] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x] S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x] S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2013-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job - c:\users\Hranca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 09:31] . 2013-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job - c:\users\Hranca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 09:31] . 2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 15:16] . 2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 15:16] . 2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job - c:\users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 13:31] . 2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job - c:\users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 13:31] . 2013-09-15 c:\windows\Tasks\ParetoLogic Registration.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2013-09-15 c:\windows\Tasks\ReclaimerUpdateFiles_Hranca.job - c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38] . 2013-09-15 c:\windows\Tasks\ReclaimerUpdateXML_Hranca.job - c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38] . 2013-09-15 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Hranca.job - c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 6325936] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: raiffeisenbank.rs\rol TCP: DhcpNameServer = 192.168.1.1 DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3660575161-1947987749-166325203-1000_Classes\CLSID\{E9B5582A-EACD-AB45-A77F-46BEFB2A4005}] @Denied: (A 4) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\omylcqksw.exe] @Denied: (A B 2 3) (Everyone) "DisableExceptionChainValidation"="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0] "Key"="http://schemas.microsoft.com/office/smartdocuments/2003" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias] "0"="Microsoft Actions Pane 3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-15 22:44:43 ComboFix-quarantined-files.txt 2013-09-15 20:44 ComboFix2.txt 2013-09-15 13:37 . Pre-Run: 29.859.860.480 bytes free Post-Run: 29.805.563.904 bytes free . - - End Of File - - 073564EFDB4CC7CE2ED9281016004890 A36C5E4F47E84449FF07ED3517B43A31

Profil

TwinHeadedEagle Poslao: 16 Sep 2013 11:06 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Privodimo kraju, jos da izvrsimo dodatne provere... Korak 1. Preuzmi Farbar Recovery Scan Tool i sacuvaj ga na Desktop Napomena: Potrebno je preuzeti onu verziju koja je kompatibilna sa tvojim sistemom. Tvoj Windows je 64-bitna verzija. Dvoklikom pokreni FRST; Kada se alat startuje, klikni Yes na disclaimer. Klikni na dugme Scan; Alat ce kreirati izvestaj (FRST.txt) u isti direktorijum gde je i FRST.exe sacuvan. Iskopiraj sadrzaj tog loga u poruku. Alat bi takodje pri prvom pokretanju trebao da kreira i dodatni izvestaj (Addition.txt). Taj izvestaj okaci u poruku koristeci opciju "Prikaci file". Korak 2. Preuzmi TDSSKiller i sacuvaj ga na Desktop Dvoklikom pokreni TDSSKiller.exe ... klikni na dugme Start Scan Ukoliko sumnjive stavke Suspicious object budu detektovani, podrazumevana opcija (default action) jeste Skip, klikni na Continue. Ukoliko maliciozni objekti Malicious objects budu detektovani, izaberi opciju Cure. Okaci mi sadrzaj log-a sa sledece lokacije: C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt (DD-dan, MM-mesec, GG-godina, HH-sat, MM-minut, SS-sekunda; datum i vreme kada je log napravljen)[/quote]

Profil

cvetko_a Poslao: 16 Sep 2013 14:56 Idi na vrh
offline cvetko_a Građanin Pridružio: 20 Feb 2005 Poruke: 297 Gde živiš: Vranje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 16 Sep 2013 14:51 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01 Ran by Hranca (administrator) on HRANCA-PC on 16-09-2013 14:33:49 Running from C:\Users\Hranca\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6325936 2012-11-26] (ESET) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-02] (Google Inc.) HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKCU\...\Policies\Explorer: [NoSMBalloonTip] 1 HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 0 HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [646336 2013-09-10] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9B5EEFBD070FCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll DPF: HKLM-x32 {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} https://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll DPF: HKLM-x32 {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} https://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazon......5.1.0.cab DPF: HKLM-x32 {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Hranca\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hranca\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hranca\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Extension: OneClickDownloader - C:\Users\Hranca\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com FF Extension: gophoto - C:\Users\Hranca\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi FF Extension: No Name - C:\Users\Hranca\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js FF Extension: No Name - C:\Users\Hranca\AppData\Roaming\Mozilla\Firefox\profiles\extensions\search.sqlite FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: ======= CHR Extension: (Gmail) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [580672 2013-03-06] (Disc Soft Ltd) R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2627920 2011-03-03] (Diskeeper Corporation) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1329304 2012-11-26] (ESET) S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2013-02-17] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-03] () S3 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] () S3 usnjsvc; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [98672 2007-05-17] (Microsoft Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580648 2012-07-17] (WiseCleaner.com) S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [228208 2007-05-16] () S4 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [884608 2012-05-14] () ==================== Drivers (Whitelisted) ==================== S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation) R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-03-06] (Disc Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-10-08] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149592 2012-10-08] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [189208 2012-10-08] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2012-10-08] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2012-11-28] (ESET) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [12824 2011-03-08] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] () S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] () R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-12-30] (Sony Ericsson Mobile Communications) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-04-04] () U3 a1na4qk0; C:\Windows\System32\Drivers\a1na4qk0.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 SANDRA; No ImagePath S3 Synth3dVsc; No ImagePath S3 tsusbhub; No ImagePath S3 VGPU; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\FRST 2013-09-16 14:31 - 2013-09-16 14:31 - 01951150 _____ (Farbar) C:\Users\Hranca\Desktop\FRST64.exe 2013-09-16 14:31 - 2013-09-16 14:31 - 00000000 ____D C:\Users\Hranca\Desktop\Tekstovi 2013-09-15 22:44 - 2013-09-15 22:44 - 00019672 _____ C:\ComboFix.txt 2013-09-15 15:04 - 2013-09-16 14:19 - 00004900 _____ C:\Windows\PFRO.log 2013-09-15 14:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-15 14:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-15 14:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-15 14:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-15 14:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-15 14:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-15 14:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-15 14:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-15 14:58 - 2013-09-15 22:45 - 00000000 ____D C:\Qoobox 2013-09-15 14:57 - 2013-09-15 15:32 - 00000000 ____D C:\Windows\erdnt 2013-09-15 14:52 - 2013-09-15 14:53 - 05126233 _____ (Swearware) C:\Users\Hranca\Downloads\ComboFix (1).exe 2013-09-15 14:51 - 2013-09-15 14:51 - 00384318 _____ ( ) C:\Users\Hranca\Downloads\Mobile_phone_IMEI_unlocker_v1.3_[(zabranjeno)ED] (1).exe 2013-09-15 14:45 - 2013-09-15 14:45 - 00000000 ____D C:\Program Files (x86)\AppFiles 2013-09-15 14:44 - 2013-09-15 14:52 - 00000000 ____D C:\Users\Hranca\Downloads\SetupIns 2013-09-15 14:43 - 2013-09-16 14:20 - 00000224 _____ C:\Windows\setupact.log 2013-09-15 14:43 - 2013-09-15 14:43 - 00000000 _____ C:\Windows\setuperr.log 2013-09-15 14:42 - 2013-09-15 14:42 - 00384318 _____ ( ) C:\Users\Hranca\Downloads\Mobile_phone_IMEI_unlocker_v1.3_[(zabranjeno)ED].exe 2013-09-15 10:11 - 2013-09-15 10:11 - 05126233 ____R (Swearware) C:\Users\Hranca\Desktop\ComboFix.exe 2013-09-15 09:39 - 2013-09-16 14:22 - 00158511 _____ C:\Windows\WindowsUpdate.log 2013-09-14 20:27 - 2013-09-14 20:27 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-14 20:27 - 2013-09-14 20:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-14 20:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-14 20:25 - 2013-09-14 20:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hranca\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-14 18:53 - 2013-09-14 18:53 - 00001664 _____ C:\Users\Public\Desktop\Recuva.lnk 2013-09-14 18:45 - 2013-09-14 18:45 - 00000745 _____ C:\Users\Hranca\Documents\TombRaider.log 2013-09-14 17:51 - 2013-09-14 17:51 - 00354699 __RSH C:\PNGIJ 2013-09-14 17:51 - 2013-09-14 17:51 - 00000000 __RSH C:\mkxt.ld 2013-09-14 15:15 - 2013-09-16 14:20 - 00000000 ____D C:\ProgramData\Realtek0 2013-09-14 15:15 - 2013-09-14 15:15 - 00003210 _____ C:\Windows\System32\Tasks\Windows Update Check - 0x0BC402F2 2013-09-13 22:58 - 2013-09-15 14:56 - 00000367 _____ C:\Users\Hranca\Desktop\New Text Document.txt 2013-09-10 10:34 - 2013-09-10 10:35 - 00541984 _____ C:\Users\Hranca\Documents\Spojeno.mp3.sfk 2013-09-10 10:16 - 1995-01-01 02:00 - 00000044 _____ C:\Users\Hranca\Desktop\Track02.cda 2013-09-02 17:39 - 2013-09-16 14:20 - 00000380 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Hranca.job 2013-09-02 17:39 - 2013-09-15 17:52 - 00002968 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Hranca 2013-09-02 17:39 - 2013-09-15 17:52 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Hranca.job 2013-09-02 17:39 - 2013-09-15 11:45 - 00002972 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Hranca 2013-09-02 17:39 - 2013-09-15 11:45 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Hranca.job 2013-09-02 17:39 - 2013-09-02 17:39 - 00003618 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Hranca 2013-09-02 17:39 - 2013-09-02 17:39 - 00002676 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Hranca 2013-08-17 08:38 - 2013-08-17 08:42 - 00000000 ___RD C:\Users\Hranca\Desktop\MOBILNI ==================== One Month Modified Files and Folders ======= 2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\FRST 2013-09-16 14:31 - 2013-09-16 14:31 - 01951150 _____ (Farbar) C:\Users\Hranca\Desktop\FRST64.exe 2013-09-16 14:31 - 2013-09-16 14:31 - 00000000 ____D C:\Users\Hranca\Desktop\Tekstovi 2013-09-16 14:28 - 2012-04-02 16:08 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6599C1B7-5469-40F1-81BD-1AD35A6AC043} 2013-09-16 14:22 - 2013-09-15 09:39 - 00158511 _____ C:\Windows\WindowsUpdate.log 2013-09-16 14:20 - 2013-09-15 14:43 - 00000224 _____ C:\Windows\setupact.log 2013-09-16 14:20 - 2013-09-14 15:15 - 00000000 ____D C:\ProgramData\Realtek0 2013-09-16 14:20 - 2013-09-02 17:39 - 00000380 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Hranca.job 2013-09-16 14:20 - 2012-04-02 17:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-16 14:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-16 14:19 - 2013-09-15 15:04 - 00004900 _____ C:\Windows\PFRO.log 2013-09-15 23:21 - 2013-08-16 23:03 - 00005600 _____ C:\Users\Hranca\daemonprocess.txt 2013-09-15 23:14 - 2013-01-26 21:07 - 00000000 ____D C:\Users\Hranca\AppData\Roaming\HLSW 2013-09-15 22:58 - 2013-02-03 13:32 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-09-15 22:58 - 2012-04-30 17:53 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-09-15 22:57 - 2012-04-02 17:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-15 22:54 - 2012-09-28 09:27 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job 2013-09-15 22:45 - 2013-09-15 14:58 - 00000000 ____D C:\Qoobox 2013-09-15 22:44 - 2013-09-15 22:44 - 00019672 _____ C:\ComboFix.txt 2013-09-15 22:36 - 2013-03-15 11:31 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job 2013-09-15 22:35 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-09-15 22:29 - 2009-07-14 06:45 - 00046544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-15 22:29 - 2009-07-14 06:45 - 00046544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-15 19:24 - 2013-01-19 00:05 - 00001096 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-09-15 18:28 - 2013-02-03 13:32 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-09-15 18:00 - 2013-04-14 21:01 - 00000468 _____ C:\Windows\Tasks\ParetoLogic Registration.job 2013-09-15 17:52 - 2013-09-02 17:39 - 00002968 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Hranca 2013-09-15 17:52 - 2013-09-02 17:39 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Hranca.job 2013-09-15 15:37 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-09-15 15:32 - 2013-09-15 14:57 - 00000000 ____D C:\Windows\erdnt 2013-09-15 14:57 - 2012-09-28 09:27 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job 2013-09-15 14:56 - 2013-09-13 22:58 - 00000367 _____ C:\Users\Hranca\Desktop\New Text Document.txt 2013-09-15 14:53 - 2013-09-15 14:52 - 05126233 _____ (Swearware) C:\Users\Hranca\Downloads\ComboFix (1).exe 2013-09-15 14:52 - 2013-09-15 14:44 - 00000000 ____D C:\Users\Hranca\Downloads\SetupIns 2013-09-15 14:51 - 2013-09-15 14:51 - 00384318 _____ ( ) C:\Users\Hranca\Downloads\Mobile_phone_IMEI_unlocker_v1.3_[(zabranjeno)ED] (1).exe 2013-09-15 14:50 - 2012-03-31 08:26 - 00000000 ___RD C:\Users\Hranca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-15 14:45 - 2013-09-15 14:45 - 00000000 ____D C:\Program Files (x86)\AppFiles 2013-09-15 14:43 - 2013-09-15 14:43 - 00000000 _____ C:\Windows\setuperr.log 2013-09-15 14:42 - 2013-09-15 14:42 - 00384318 _____ ( ) C:\Users\Hranca\Downloads\Mobile_phone_IMEI_unlocker_v1.3_[(zabranjeno)ED].exe 2013-09-15 11:45 - 2013-09-02 17:39 - 00002972 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Hranca 2013-09-15 11:45 - 2013-09-02 17:39 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Hranca.job 2013-09-15 10:36 - 2013-03-15 11:31 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job 2013-09-15 10:11 - 2013-09-15 10:11 - 05126233 ____R (Swearware) C:\Users\Hranca\Desktop\ComboFix.exe 2013-09-14 23:24 - 2013-01-20 11:53 - 00000000 ____D C:\Users\Hranca\AppData\Roaming\Wise Care 365 2013-09-14 21:30 - 2012-03-31 23:25 - 00000000 ____D C:\Users\Hranca\AppData\Roaming\uTorrent 2013-09-14 20:59 - 2013-01-21 17:29 - 00000000 ____D C:\Users\Hranca\Desktop\text 2013-09-14 20:27 - 2013-09-14 20:27 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-14 20:27 - 2013-09-14 20:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-14 20:26 - 2013-09-14 20:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hranca\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-14 18:53 - 2013-09-14 18:53 - 00001664 _____ C:\Users\Public\Desktop\Recuva.lnk 2013-09-14 18:53 - 2013-04-13 18:03 - 00000000 ____D C:\Program Files\Recuva 2013-09-14 18:46 - 2013-02-02 21:44 - 00000000 ____D C:\Games 2013-09-14 18:45 - 2013-09-14 18:45 - 00000745 _____ C:\Users\Hranca\Documents\TombRaider.log 2013-09-14 18:32 - 2013-08-08 10:58 - 00000000 ____D C:\Program Files (x86)\Unlockroot 2013-09-14 17:51 - 2013-09-14 17:51 - 00354699 __RSH C:\PNGIJ 2013-09-14 17:51 - 2013-09-14 17:51 - 00000000 __RSH C:\mkxt.ld 2013-09-14 15:15 - 2013-09-14 15:15 - 00003210 _____ C:\Windows\System32\Tasks\Windows Update Check - 0x0BC402F2 2013-09-14 14:38 - 2009-07-14 07:13 - 00782986 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-12 23:24 - 2013-08-16 23:03 - 00000000 ____D C:\Users\Hranca\AppData\Local\cache 2013-09-12 23:24 - 2013-08-16 23:02 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-09-10 10:56 - 2012-04-02 18:04 - 00000000 ____D C:\Users\Hranca\AppData\Roaming\vlc 2013-09-10 10:37 - 2012-04-16 08:02 - 00000000 ____D C:\Users\Hranca\Documents\My Games 2013-09-10 10:35 - 2013-09-10 10:34 - 00541984 _____ C:\Users\Hranca\Documents\Spojeno.mp3.sfk 2013-09-07 18:09 - 2013-08-16 23:03 - 00000000 ____D C:\Users\Hranca\AppData\Local\Mobogenie 2013-09-02 17:39 - 2013-09-02 17:39 - 00003618 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Hranca 2013-09-02 17:39 - 2013-09-02 17:39 - 00002676 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Hranca 2013-08-19 00:21 - 2009-07-14 07:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-18 13:03 - 2012-03-31 08:25 - 00000000 ____D C:\Users\Hranca 2013-08-17 08:44 - 2013-01-20 11:27 - 00000000 ___RD C:\Users\Hranca\Desktop\Tools 2013-08-17 08:42 - 2013-08-17 08:38 - 00000000 ___RD C:\Users\Hranca\Desktop\MOBILNI 2013-08-17 08:22 - 2012-04-24 08:10 - 00000000 ____D C:\Users\Hranca\AppData\Local\Adobe 2013-08-17 08:22 - 2012-04-02 17:16 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-17 08:22 - 2012-04-02 17:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\Users\Hranca\fbchathistory.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-11 10:02 ==================== End Of Log ============================ https://www.mycity.rs/must-login.png Dopuna: 16 Sep 2013 14:56 Log od tdsskiller.exe prikačen je https://www.mycity.rs/must-login.png

Profil

TwinHeadedEagle Poslao: 16 Sep 2013 19:01 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvori Notepad i iskopiraj sledeci tekst koji se nalazi unutar osencenog prostora. `C:\ProgramData\Realtek0 C:\Users\Hranca\fbchathistory.dat` U okviru Notepad-a klikni na File --> Save As Fajl nazovi fixlist.txt i sacuvaj na Desktop Dvoklikom ponovo pokreni FRST.exe Klikni na Fix i sacekaj dok program ne završi Ukoliko program zatraži restart racunara, omoguci mu da to nesmetano obavi. Nakon završetka rada, otvorice se Notepad, sa sadržajem koji treba da kopiraš u temu. Takode, na Desktop-u ce se nalaziti fixlog.txt. ============================================== Kakvo je sada stanje?

Profil

cvetko_a Poslao: 16 Sep 2013 19:52 Idi na vrh
offline cvetko_a Građanin Pridružio: 20 Feb 2005 Poruke: 297 Gde živiš: Vranje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 16 Sep 2013 19:45 C:\ProgramData\Realtek0 => Moved successfully. C:\Users\Hranca\fbchathistory.dat => Moved successfully. Sad kada restartujem računar proveriću stanje pa vam odgovaram Dopuna: 16 Sep 2013 19:52 Stanje je dobro nemam više obaveštenja od strane eseta. Da pitam za usb mmc da je ubacim u računar ili ???

Profil

TwinHeadedEagle Poslao: 16 Sep 2013 20:00 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi MCShield sa sljedeće adrese: http://amf.mycity.rs/mcshield/MCShield-Setup.exe Instaliraj MCShield i sačekaj da se završi uvodno skeniranje. Kad se završi uvodno skeniranje, ubacuj sve USB memorijske uređaje redom u USB port i svaki zadrži u portu dok MCShield ne izbaci poruku da je skeniranje završeno. Ukoliko imaš više USB uređaja, zabilježi negdje kojim su redom ubacivani. Objašnjenje: U USB memorijske uređaje spadaju svi oni uređaji koji po priključivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uređaji itd. Idi na Start -> All Programs -> MCShield -> Logs -> AllScans Otvoriće ti se izvještaj u Notepad-u čiji sadržaj treba da postaviš u poruku

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Ko je trenutno na forumu

Ukupno su 513 korisnika na forumu :: 6 registrovanih, 0 sakrivenih i 507 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: anta, bato, goxin, milenko crazy north, nenad81, sasa76

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by